security/vuxml/vuln.xml
Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | |||||
Help is also available from ports-security@freebsd.org. | Help is also available from ports-security@freebsd.org. | ||||
Notes: | Notes: | ||||
* Please add new entries to the beginning of this file. | * Please add new entries to the beginning of this file. | ||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | ||||
--> | --> | ||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | ||||
<vuln vid="177fa455-48fc-4ded-ba1b-9975caa7f62a"> | |||||
<topic>bro -- Unsafe integer conversions can cause unintentional code paths to be executed</topic> | |||||
<affects> | |||||
<package> | |||||
<name>bro</name> | |||||
<range><lt>2.6.2</lt></range> | |||||
</package> | |||||
</affects> | |||||
<description> | |||||
<body xmlns="http://www.w3.org/1999/xhtml"> | |||||
<p>Jon Siwek of Corelight reports:</p> | |||||
<blockquote> | |||||
<p>The following Denial of Service vulnerabilities are addressed:</p> | |||||
<ul> | |||||
<li>Integer type mismatches in BinPAC-generated parser code | |||||
and Bro analyzer code may allow for crafted packet data | |||||
to cause unintentional code paths in the analysis logic | |||||
to be taken due to unsafe integer conversions causing the | |||||
parser and analysis logic to each expect different fields | |||||
to have been parsed. One such example, reported by Maksim | |||||
Shudrak, causes the Kerberos analyzer to dereference a | |||||
null pointer. CVE-2019-12175 was assigned for this issue.</li> | |||||
<li>The Kerberos parser allows for several fields to be left | |||||
uninitialized, but they were not marked with an &optional | |||||
attribute and several usages lacked existence checks. | |||||
Crafted packet data could potentially cause an attempt | |||||
to access such uninitialized fields, generate a runtime | |||||
error/exception, and leak memory. Existence checks and | |||||
&optional attributes have been added to the relevent | |||||
Kerberos fields.</li> | |||||
<li>BinPAC-generated protocol parsers commonly contain fields | |||||
whose length is derived from other packet input, and for | |||||
those that allow for incremental parsing, BinPAC did not | |||||
impose a limit on how large such a field could grow, | |||||
allowing for remotely-controlled packet data to cause | |||||
growth of BinPAC's flowbuffer bounded only by the numeric | |||||
limit of an unsigned 64-bit integer, leading to memory | |||||
exhaustion. There is now a generalized limit for how | |||||
large flowbuffers are allowed to grow, tunable by setting | |||||
"BinPAC::flowbuffer_capacity_max".</li> | |||||
</ul> | |||||
</blockquote> | |||||
</body> | |||||
</description> | |||||
<references> | |||||
<cvename>CVE-2017-12175</cvename> | |||||
</references> | |||||
<dates> | |||||
<discovery>2019-05-29</discovery> | |||||
<entry>2019-05-31</entry> | |||||
</dates> | |||||
</vuln> | |||||
<vuln vid="183d700e-ec70-487e-a9c4-632324afa934"> | <vuln vid="183d700e-ec70-487e-a9c4-632324afa934"> | ||||
<topic>ImageMagick -- multiple vulnerabilities</topic> | <topic>ImageMagick -- multiple vulnerabilities</topic> | ||||
<affects> | <affects> | ||||
<package> | <package> | ||||
<name>ImageMagick7</name> | <name>ImageMagick7</name> | ||||
<range><lt>7.0.8.47</lt></range> | <range><lt>7.0.8.47</lt></range> | ||||
</package> | </package> | ||||
<package> | <package> | ||||
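Review bot: The `<cvename>` under `<references>` reads CVE-2017-12175, but the advisory text quoted in the first `<li>` says CVE-2019-12175 was assigned for this issue. The two must agree, and the 2019 discovery and entry dates point to the `<cvename>` line as the one carrying the typo. Please confirm against the upstream advisory and correct it, since tooling that matches on the CVE reference would otherwise tie this entry to the wrong identifier. Separately, `&optional` appears twice in the description body with a bare ampersand as shown here. Inside the XHTML `<body>` it should be written `&amp;optional` so the file stays well-formed XML.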
▲ Show 20 Lines • Show All 32,759 Lines • Show Last 20 Lines |